Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAOsAccountCache.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.recentactivity;
20 
21 import java.nio.file.Path;
22 import java.nio.file.Paths;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26 import java.util.Optional;
28 import org.sleuthkit.datamodel.AbstractFile;
29 import org.sleuthkit.datamodel.BlackboardAttribute;
30 import org.sleuthkit.datamodel.Host;
31 import org.sleuthkit.datamodel.OsAccount;
32 import org.sleuthkit.datamodel.OsAccount.OsAccountAttribute;
33 import org.sleuthkit.datamodel.SleuthkitCase;
34 import org.sleuthkit.datamodel.TskCoreException;
35 
41 final class RAOsAccountCache {
42 
43  private final Map<String, OsAccount> accountCache = new HashMap<>();
44 
54  void initialize(SleuthkitCase tskCase, Host host) throws TskCoreException {
55  buildAccountMap(tskCase, host);
56  }
57 
74  Optional<OsAccount> getOsAccount(AbstractFile file) throws TskCoreException {
75  Optional<Long> optional = file.getOsAccountObjectId();
76 
77  if (!optional.isPresent()) {
78  return getAccountForPath(file.getParentPath());
79  }
80 
81  OsAccount osAccount = Case.getCurrentCase().getSleuthkitCase().getOsAccountManager().getOsAccountByObjectId(optional.get());
82  if (osAccount.getName().equals("S-1-5-32-544")) {
83  return getAccountForPath(file.getParentPath());
84  }
85 
86  return Optional.ofNullable(osAccount);
87  }
88 
97  private Optional<OsAccount> getAccountForPath(String path) {
98  Path filePath = Paths.get(path.toLowerCase());
99  // Check if the path might be a user path.
100  if (filePath.startsWith(Paths.get("/users")) || filePath.startsWith("/document and settings")) {
101  for (String key : accountCache.keySet()) {
102  if (filePath.startsWith(Paths.get(key))) {
103  return Optional.of(accountCache.get(key));
104  }
105  }
106  }
107  return Optional.empty();
108  }
109 
115  private void buildAccountMap(SleuthkitCase tskCase, Host host) throws TskCoreException {
116  BlackboardAttribute.Type homeDir = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HOME_DIR);
117  List<OsAccount> accounts = tskCase.getOsAccountManager().getOsAccounts(host);
118 
119  for (OsAccount account : accounts) {
120  List<OsAccountAttribute> attributeList = account.getExtendedOsAccountAttributes();
121 
122  for (OsAccountAttribute attribute : attributeList) {
123  if (attribute.getHostId().isPresent()
124  && attribute.getHostId().get().equals(host.getHostId())
125  && attribute.getAttributeType().equals(homeDir)) {
126  accountCache.put(attribute.getValueString(), account);
127  }
128  }
129  }
130  }
131 }

Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.